Answered by:

SCEREGVL.INF registration using the LocalGPO tool

Question

I've updated the "MSS" values in the sceregvl.inf file by running the LocalGPO tool command line:

"LocalGPO.wsf /ConfigSCE"

I am now able to see all the "MSS" security settings in GPMC on my test domain controller.

We regularly rollout our system build (including Windows lockdown e.g. All users, OUs and GPOs) during our system development and test phase using MDT.

I was wondering, now that I've updated the sceregvl.inf file (on my test DC), am I able to copy this file into the “%SYSTEMROOT%\INF” of a different domain controller and register the dll via "regsvr32 scecli.dll" thus preventing the need to install the
LocalGPO tool in our production environment?

By running the above command line is anything else copied/set to work/ registered?

Answers

Yes, you can do what you propose. Copy the sceregvl.inf file to the
%SYSTEMROOT%\INF folder on the other computers and then reregister the DLL by entering
regsvr32 scecli.dll from a command prompt with admin privileges. That's the manual procedure we documented for our guides from 2002 until 2008, when we released the first version of the GPOAccelerator. That DLL is what populates the Security
Settings section of the group policy management tools.

Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.